Hello Neale - On Wed, 03 Nov 1999, Neale Banks wrote: > Greetings all, > > With Radiator authenticating to a flat file, and given an entry: > > -------------------------------8<------------------------------- > neale Auth-Type = "System" > Service-Type = NAS-Prompt-User > -------------------------------8<------------------------------- > > with the dictionary including: > > -------------------------------8<------------------------------- > # grep Service-Type dictionary > ATTRIBUTE Service-Type 6 integer > VALUE Service-Type Login-User 1 > VALUE Service-Type Framed-User 2 > VALUE Service-Type Callback-Login-User 3 > VALUE Service-Type Callback-Framed-User 4 > VALUE Service-Type Outbound-User 5 > VALUE Service-Type Administrative-User 6 > VALUE Service-Type NAS-Prompt-User 7 > VALUE Service-Type Authenticate-Only 8 > VALUE Service-Type Callback-Admin-User 9 > VALUE Service-Type Annex-Authorize-Only 0x06300001 > VALUE Service-Type Annex-Framed-Tunnel 0x06300002 > VENDORATTR 166 Shiva-Service-Type 2 integer > VALUE Shiva-Service-Type VPN > -------------------------------8<------------------------------- > > The Cisco 5300 is insisting that the value being returned for Service-Type > is zero: > > -------------------------------8<------------------------------- > *Jan 16 04:40:53.081: RADIUS: Received from id 227 z.y.z.4:1812, Access-Accept, len >56 > *Jan 16 04:40:53.081: Attribute 8 6 FFFFFFFE > *Jan 16 04:40:53.081: Attribute 6 6 00000000 > *Jan 16 04:40:53.081: Attribute 9 6 FFFFFFFF > *Jan 16 04:40:53.081: Attribute 10 6 00000000 > *Jan 16 04:40:53.081: Attribute 12 6 000005DC > *Jan 16 04:40:53.081: Attribute 244 6 00000E10 > -------------------------------8<------------------------------- > > Rather unsurprisingly, this doesn't have the desired effect when the NAS > is looking to RADIUS for "exec" authorisation: > > RADIUS: Unknown service-type in shell-author: type=0 > RADIUS: no appropriate authorization type for user. > > Any suggestions on how to nail this one? I suggest two things: 1. check what Radiator thinks its sending with a debug trace 4 2. if point 1 above shows Radiator is doing the right thing, run tcpdump (or your favourite packet sniffer) and verify that the packet on the wire does indeed contain what Radiator says it does If point 1 above shows Radiator to be at fault, contact us immediately and we will fix whatever is wrong. If point 2 above, contact Cisco and report a bug. thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
